Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files[] parameter, an attacker can add ../ to move all PHP files or any file on the system that has permissions to /upload/files/ folder.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
projectsend projectsend r1295 |